|
256811
|
- |
|
joomla
|
joomla\!
|
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-7981
|
2014-10-10 10:32 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256812
|
- |
|
eng
|
spagobi
|
The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL…
|
CWE-94
Code Injection
|
CVE-2014-7296
|
2014-10-10 10:28 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256813
|
- |
|
joomla
|
joomla\!
|
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-7229
|
2014-10-10 05:52 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256814
|
- |
|
joomla
|
joomla\!
|
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6631
|
2014-10-10 03:07 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256815
|
- |
|
joomla
|
joomla\!
|
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
|
CWE-287
Improper Authentication
|
CVE-2014-6632
|
2014-10-10 01:46 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256816
|
- |
|
drupal
|
zen
|
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer the…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7980
|
2014-10-10 00:47 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256817
|
- |
|
testlink
|
testlink
|
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.p…
|
CWE-89
SQL Injection
|
CVE-2014-5308
|
2014-10-9 21:55 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256818
|
- |
|
arubanetworks
|
arubaos
|
Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain …
|
NVD-CWE-noinfo
|
CVE-2014-7299
|
2014-10-9 02:38 |
2014-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256819
|
- |
|
gopro
|
gopro_hero_firmware
gopro_hero
|
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.
|
CWE-78
OS Command
|
CVE-2014-6434
|
2014-10-9 00:02 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256820
|
- |
|
gopro
|
gopro_hero_firmware
gopro_hero
|
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.
|
CWE-94
Code Injection
|
CVE-2014-6433
|
2014-10-9 00:00 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
